feat: run OCI image sources via temporary bundle #1125
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of the Pull Request (PR):
When running containers in
--oci
mode, the argument to run is now an image reference corresponding to a native OCI format handled by containers/image, i.e.The source image is extracted into a temporary OCI bundle, with a minimally valid configuration that:
The approach is very naive - we pull through Singularity's OCI blob cache into a temporary oci layout dir, before creating the bundle from it. Auth handling for registries is not yet wired up. There is duplication of various pieces of code from the build / SIF OCI flows as these are not easily exposed to the area we are working in.
The intent of the PR, at this stage, is simply to allow e.g.
Note - the next PR will refactor the code to use functional options.
This fixes or addresses the following GitHub issues:
Before submitting a PR, make sure you have done the following:
make check
and tested this PR locally with amake test
, andmake testall
if possible (see CONTRIBUTING.md).